Hi all, I am currently trying to set up an isolated network with redundant routers in CloudStack 4.9.2, but I have run into a problem that I cannot solve:
Any time I start a virtual machine on the isolated network, the virtual router in the master role loses its service IP on the internal network. A simple "service keepalived restart" fixes the IP setup. /var/log/cloud.log on the respective router shows messages that suggest the IP is removed on purpose by the script "/opt/cloud/bin/cs/CsAddress.py". The relevant portion of the log is:
2017-10-21 10:40:44,253 CsHelper.py execute:184 Executing: ip addr show dev eth0
2017-10-21 10:40:44,265 CsAddress.py is_guest_gateway:657 Checking if cidr is a gateway for rVPC. IP ==> 10.1.2.1/32 / device ==> eth0
2017-10-21 10:40:44,266 CsAddress.py is_guest_gateway:660 Interface has the following gateway ==> None
2017-10-21 10:40:44,277 CsAddress.py delete:676 Removed address 10.1.2.1/32 from device eth0
2017-10-21 10:40:44,278 CsAddress.py post_config_change:558 Not able to setup source-nat for a regular router yet
After looking into CsAddress.py I have the impression that the service IP is not in the pool of expected IPs for the machine and is therefore deleted. Maybe I missed some configuration parameter that lets CloudStack know that it should not remove the service IP? Can someone give some advice?
Greetings, Melanie ----- Below some data from my configuration that might be helpful: The network from the API: melaniedesaive@HS-X201-03 [2001] $ cloudmonkey -p ocl-admin -d json list networks id=68198cf0-f61f-4dac-9d74-bfa21764717c projectid=ce960375-6fd2-4e00-add2-9c8a644a24b9 listall=true { "count": 1, "network": [ { "acltype": "Account", "broadcastdomaintype": "Vlan", "broadcasturi": "vlan://580", "canusefordeploy": true, "cidr": "10.1.2.0/24", "displaynetwork": true, "displaytext": "Netz mit finalem Offering HA expliziter Gateway 2", "dns1": "192.168.100.1", "dns2": "192.168.100.1", "domain": "Temp", "domainid": "0a092d9b-b055-4c2f-82e5-4bbd21706273", "gateway": "10.1.2.1", "id": "68198cf0-f61f-4dac-9d74-bfa21764717c", "ispersistent": false, "issystem": false, "name": "Netz mit finalem Offering HA expliziter Gateway 2", "netmask": "255.255.255.0", "networkdomain": "meltest.heinlein-intern.de", "networkofferingavailability": "Optional", "networkofferingconservemode": true, "networkofferingdisplaytext": "Offering for Isolated networks with Source Nat service enabled HA With redundant Routers", "networkofferingid": "4aa7e796-d3f0-4696-89ad-708b956ce9c5", "networkofferingname": "DefaultIsolatedNetworkOfferingWithSourceNatServiceHA", "physicalnetworkid": "f7a3527c-b5a9-4e04-9d15-5d22fe3c71f9", "project": "Mel Diverses", "projectid": "ce960375-6fd2-4e00-add2-9c8a644a24b9", "related": "68198cf0-f61f-4dac-9d74-bfa21764717c", "restartrequired": false, "service": [ { "capability": [ { "canchooseservicecapability": false, "name": "RedundantRouter", "value": "true" }, { "canchooseservicecapability": false, "name": "SupportedSourceNatTypes", "value": "peraccount" } ], "name": "SourceNat" }, { "name": "PortForwarding" }, { "capability": [ { "canchooseservicecapability": false, "name": "AllowDnsSuffixModification", "value": "true" } ], "name": "Dns" }, { "name": "StaticNat" }, { "name": "UserData" }, { "capability": [ { "canchooseservicecapability": false, "name": 
"VpnTypes", "value": "removeaccessvpn" }, { "canchooseservicecapability": false, "name": "SupportedVpnTypes", "value": "pptp,l2tp,ipsec" } ], "name": "Vpn" }, { "capability": [ { "canchooseservicecapability": false, "name": "MultipleIps", "value": "true" }, { "canchooseservicecapability": false, "name": "SupportedTrafficDirection", "value": "ingress, egress" }, { "canchooseservicecapability": false, "name": "SupportedProtocols", "value": "tcp,udp,icmp" }, { "canchooseservicecapability": false, "name": "TrafficStatistics", "value": "per public ip" }, { "canchooseservicecapability": false, "name": "SupportedEgressProtocols", "value": "tcp,udp,icmp, all" } ], "name": "Firewall" }, { "capability": [ { "canchooseservicecapability": false, "name": "SupportedStickinessMethods", "value": "[{\"methodname\":\"LbCookie\",\"paramlist\":[{\"paramname\":\"cookie-name\",\"required\":false,\"isflag\":false,\"description\":\" \"},{\"paramname\":\"mode\",\"required\":false,\"isflag\":false,\"description\":\" \"},{\"paramname\":\"nocache\",\"required\":false,\"isflag\":true,\"description\":\" \"},{\"paramname\":\"indirect\",\"required\":false,\"isflag\":true,\"description\":\" \"},{\"paramname\":\"postonly\",\"required\":false,\"isflag\":true,\"description\":\" \"},{\"paramname\":\"domain\",\"required\":false,\"isflag\":false,\"description\":\" \"}],\"description\":\"This is loadbalancer cookie based stickiness method.\"},{\"methodname\":\"AppCookie\",\"paramlist\":[{\"paramname\":\"cookie-name\",\"required\":false,\"isflag\":false,\"description\":\" \"},{\"paramname\":\"length\",\"required\":false,\"isflag\":false,\"description\":\" \"},{\"paramname\":\"holdtime\",\"required\":false,\"isflag\":false,\"description\":\" \"},{\"paramname\":\"request-learn\",\"required\":false,\"isflag\":true,\"description\":\" \"},{\"paramname\":\"prefix\",\"required\":false,\"isflag\":true,\"description\":\" \"},{\"paramname\":\"mode\",\"required\":false,\"isflag\":false,\"description\":\" 
\"}],\"description\":\"This is App session based sticky method. Define session stickiness on an existing application cookie. It can be used only for a specific http traffic\"},{\"methodname\":\"SourceBased\",\"paramlist\":[{\"paramname\":\"tablesize\",\"required\":false,\"isflag\":false,\"description\":\" \"},{\"paramname\":\"expire\",\"required\":false,\"isflag\":false,\"description\":\" \"}],\"description\":\"This is source based Stickiness method, it can be used for any type of protocol.\"}]" }, { "canchooseservicecapability": false, "name": "SupportedLbAlgorithms", "value": "roundrobin,leastconn,source" }, { "canchooseservicecapability": false, "name": "SupportedProtocols", "value": "tcp, udp, tcp-proxy" }, { "canchooseservicecapability": false, "name": "SupportedLBIsolation", "value": "dedicated" }, { "canchooseservicecapability": false, "name": "LbSchemes", "value": "Public" }, { "canchooseservicecapability": false, "name": "AutoScaleCounters", "value": "[{\"methodname\":\"cpu\",\"paramlist\":[]},{\"methodname\":\"memory\",\"paramlist\":[]}]" } ], "name": "Lb" }, { "capability": [ { "canchooseservicecapability": false, "name": "DhcpAccrossMultipleSubnets", "value": "true" } ], "name": "Dhcp" } ], "specifyipranges": false, "state": "Implemented", "strechedl2subnet": false, "tags": [], "traffictype": "Guest", "type": "Isolated", "vlan": "580", "zoneid": "cefbe74a-c906-43b8-8f2e-511cf1a6751d", "zonename": "Office" } ] } The network in the database: mysql> select * from networks where name = "Netz mit finalem Offering HA expliziter Gateway 2"\G; *************************** 1. 
row *************************** id: 264 name: Netz mit finalem Offering HA expliziter Gateway 2 uuid: 68198cf0-f61f-4dac-9d74-bfa21764717c display_text: Netz mit finalem Offering HA expliziter Gateway 2 traffic_type: Guest broadcast_domain_type: Vlan broadcast_uri: vlan://580 gateway: 10.1.2.1 cidr: 10.1.2.0/24 mode: Dhcp network_offering_id: 34 physical_network_id: 200 data_center_id: 1 guru_name: ExternalGuestNetworkGuru state: Implemented related: 264 domain_id: 3 account_id: 202 dns1: NULL dns2: NULL guru_data: NULL set_fields: 0 acl_type: Account network_domain: meltest.heinlein-intern.de reservation_id: a85287c5-fe6a-4027-9033-58e02374660d guest_type: Isolated restart_required: 0 created: 2017-10-21 11:20:10 removed: NULL specify_ip_ranges: 0 vpc_id: NULL ip6_gateway: NULL ip6_cidr: NULL network_cidr: NULL display_network: 1 network_acl_id: NULL streched_l2: 0 redundant: 1 1 row in set (0.00 sec) -- -- Heinlein Support GmbH Linux: Akademie - Support - Hosting http://www.heinlein-support.de Tel: 030 / 40 50 51 - 0 Fax: 030 / 40 50 51 - 19 Zwangsangaben lt. §35a GmbHG: HRB 93818 B / Amtsgericht Berlin-Charlottenburg, Geschäftsführer: Peer Heinlein -- Sitz: Berlin